W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: "Requirements for Powerful Features" strawman.

From: Mike West <mkwst@google.com>
Date: Fri, 21 Nov 2014 11:34:00 +0100
Message-ID: <CAKXHy=cN_SA2xUN=n8=VNykvuBUFqgJGYKDaXHvEFdUNZWpxWg@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: Brad Hill <hillbrad@fb.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
"features which require a verifiably secure environment" is a mouthful,
and, if anything, it's _less_ precise than "powerful", since it doesn't
describe anything at all about the feature itself, instead focusing on the
consequence of whatever properties the feature possesses.

Is there a single adjective other than "powerful" that you'd find less
judgemental? "risky" has the right connotations, but I suspect you'll like
it even less than "powerful". :)

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Thu, Nov 20, 2014 at 9:58 PM, Mark Watson <watsonm@netflix.com> wrote:

>
>
> On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com> wrote:
>
>> Seems clearly covered by "features which require a verifiably secure
>> environment".
>>
> ​As per my other comment, I think language like this would be a much
> better ​- more precise, less judgmental - than "powerful".
>
> Btw, I'm not sure WebCrypto is good to include as an example, since the
> WebCrypto WG decided at TPAC not to require an authenticated origin
> (although the bug is still marked as open).
>
> ...Mark
>
>
>
>
>> I'd prefer doing it here, but I'm easy. If folks think the TAG should
>> publish, I'm sure they'll be happy to do so.
>>
>> -mike
>> On Nov 20, 2014 6:39 PM, "Brad Hill" <hillbrad@fb.com> wrote:
>>
>>>  Do you think that "Powerful Features" belongs as a WebAppSec
>>> deliverable – and should be added to our draft charter – or as a TAG
>>> finding?
>>>
>>>   From: Mike West <mkwst@google.com>
>>> Date: Thursday, November 20, 2014 at 5:21 AM
>>> To: "public-webappsec@w3.org" <public-webappsec@w3.org>
>>> Subject: "Requirements for Powerful Features" strawman.
>>> Resent-From: <public-webappsec@w3.org>
>>> Resent-Date: Thursday, November 20, 2014 at 5:22 AM
>>>
>>>   After talking a bit more with Anne and others, I'm coming around to
>>> the opinion that we should break the "powerful features" bit out of MIX. In
>>> particular, the notion that we need to explain what constitutes a "powerful
>>> feature" pushes this right out of MIX in my mind; it was always tangential,
>>> and if we need to define the category (and I agree that we do), then MIX
>>> isn't the right place for it.
>>>
>>>  I've slapped together a strawman at
>>> https://w3c.github.io/webappsec/specs/powerfulfeatures/
>>> <https://urldefense.proofpoint.com/v1/url?u=https://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=0fcecb0074cfb96997dfb36ca84714e3b5a266f1480943ceb8cb7d410eec3d39>
>>> with lots of TODO text. If folks agree that a separate document is
>>> worthwhile, I'll remove the copy/pasted bits from MIX, clean up the
>>> strawman, and issue a CfC to publish a FPWD.
>>>
>>>  Thanks!
>>>
>>>  --
>>> Mike West <mkwst@google.com>
>>> Google+: https://mkw.st/+
>>> <https://urldefense.proofpoint.com/v1/url?u=https://mkw.st/%2B&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=1dab00db52d0d48e6baf746f4ff9a01f6e3eced390c7139ced53ecba90e1c5f2>, Twitter:
>>> @mikewest, Cell: +49 162 10 255 91
>>>
>>>  Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>>> Registergericht und -nummer: Hamburg, HRB 86891
>>> Sitz der Gesellschaft: Hamburg
>>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>>> (Sorry; I'm legally required to add this exciting detail to emails.
>>> Bleh.)
>>>
>>>
>
Received on Friday, 21 November 2014 10:34:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC